[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: OCSP response pre-production (was RE: POLL: Use of nonces in OCS P)

To: "Deacon, Alex" <alex@xxxxxxxxxxxx>, "'Russ Housley'" <housley@xxxxxxxxxxxx>
Subject: Re: OCSP response pre-production (was RE: POLL: Use of nonces in OCS P)
From: Paul Hoffman / IMC <phoffman@xxxxxxx>
Date: Sat, 27 Sep 2003 10:53:48 -0700
Cc: ietf-pkix@xxxxxxx
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
References: <>
Sender: owner-ietf-pkix@xxxxxxxxxxxx

At 1:55 PM -0700 9/26/03, Deacon, Alex wrote:

Hi Russ,

Agreed, however we do not have control of all OCSP clients.  In the case
where a responder is using pre-produced responses and can't respond to a
request with a nonce, the responder can do one of two things:

1) Send the pre-produced response without the nonce
2) return a malformedReqest OCSPResponseStatus

That's not the correct status: "internalError" is much more appropriate. The request is *not* malformed: it is the responder that has an error (namely, that it cannot handle a valid request).

--Paul Hoffman, Director
--Internet Mail Consortium

References:
- OCSP response pre-production (was RE: POLL: Use of nonces in OCS P)
  - From: Deacon, Alex

Prev by Date: RE: OCSP and Nonces
Next by Date: RE: OCSP response pre-production
Previous by thread: OCSP response pre-production (was RE: POLL: Use of nonces in OCS P)
Next by thread: Re: OCSP response pre-production (was RE: POLL: Use of nonces in OCSP)
Index(es):
- Date
- Thread